{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43060", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.981Z", "datePublished": "2026-05-05T15:17:26.393Z", "dateUpdated": "2026-05-05T15:17:26.393Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-05T15:17:26.393Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify the conntrack zone, because a percpu area is\n used and module removal is possible.\n- conntrack timeout policies and helper, where object removal leave\n a stale reference.\n\nSince these objects can just go away, drop enqueued packets to avoid\nstale reference to them.\n\nIf there is a need for finer grain removal, this logic can be revisited\nto make selective packet drop upon dependencies."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_ct.c"], "versions": [{"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "8a64e76933672b08bd85b63086f33432070fd729", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "3da0b946835f33bf36b459ead764c61a761e689b", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "ab50302190b303f847c4eba0e31a01a56dec596e", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "e68a8db3a0546482b34e9ca5ca886bcf73eb37bb", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "6802ff8beceb9c4254318e81c1395720438f2cc2", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "f29a055e4f593e577805b41228b142b58f48df1b", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "77da55dee67720e2b8d2db49a53334e6c017ee7b", "status": "affected", "versionType": "git"}, {"version": "7e0b2b57f01d183e1c84114f1f2287737358d748", "lessThan": "36eae0956f659e48d5366d9b083d9417f3263ddc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_ct.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729"}, {"url": "https://git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b"}, {"url": "https://git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e"}, {"url": "https://git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb"}, {"url": "https://git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2"}, {"url": "https://git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b"}, {"url": "https://git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b"}, {"url": "https://git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc"}], "title": "netfilter: nft_ct: drop pending enqueued packets on removal", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify the conntrack zone, because a percpu area is\n used and module removal is possible.\n- conntrack timeout policies and helper, where object removal leave\n a stale reference.\n\nSince these objects can just go away, drop enqueued packets to avoid\nstale reference to them.\n\nIf there is a need for finer grain removal, this logic can be revisited\nto make selective packet drop upon dependencies."}], "id": "CVE-2026-43060", "lastModified": "2026-05-06T13:08:07.970", "metrics": {}, "published": "2026-05-05T16:16:15.050", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netfilter: nft_ct: drop pending enqueued packets on removal", "id": "2466803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466803"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in the Linux kernel's netfilter (nft_ct) component. When the nft_ct module is removed, packets still enqueued in the nfqueue might retain outdated references to connection tracking (conntrack) zone templates or timeout policies. This can lead to stale references, potentially causing system instability or a denial of service (DoS) if the referenced objects are no longer available."], "name": "CVE-2026-43060", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43060\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43060\nhttps://lore.kernel.org/linux-cve-announce/2026050537-CVE-2026-43060-f42f@gregkh/T"], "threat_severity": "Moderate"}